Sign-up

ID

VAR-201708-0382


CVE

CVE-2017-10833


TITLE

Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD

Trust: 0.8

sources: JVNDB: JVNDB-2017-000204

DESCRIPTION

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-10832 * Improper access restriction (CWE-425) - CVE-2017-10833 * Directory traversal (CWE-22) - CVE-2017-10834 * Arbitrary PHP code execution (CWE-94) - CVE-2017-10835 Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An arbitrary OS command may be executed by a remote attacker - CVE-2017-10832 * Viewing information and modifying of configuration by a remote attacker - CVE-2017-10833 * An arbitrary local file on the product may be accessed by an authenticated attacker - CVE-2017-10834 * Arbitrary PHP code on the product may be executed by an authenticated attacker - CVE-2017-10835. DokodemoeyeSmartHDSCR02HD is a wireless monitor from NIPPONANTENNA

Trust: 2.25

sources: NVD: CVE-2017-10833 // JVNDB: JVNDB-2017-000204 // CNVD: CNVD-2017-22802 // VULHUB: VHN-101195

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-22802

AFFECTED PRODUCTS

vendor:nippon antennamodel:scr02hdscope:lteversion:1.0.3.1000

Trust: 1.0

vendor:nippon anntenamodel:"dokodemo eye smart hd" scr02hdscope:lteversion:1.0.3.1000

Trust: 0.8

vendor:nipponmodel:antenna dokodemo eye smart hd scr02hdscope:lteversion:<=1.0.3.1000

Trust: 0.6

vendor:nippon antennamodel:scr02hdscope:eqversion:1.0.3.1000

Trust: 0.6

sources: CNVD: CNVD-2017-22802 // JVNDB: JVNDB-2017-000204 // CNNVD: CNNVD-201708-1380 // NVD: CVE-2017-10833

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2017-000204
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2017-10833
value: CRITICAL

Trust: 1.0

IPA: JVNDB-2017-000204
value: CRITICAL

Trust: 0.8

IPA: JVNDB-2017-000204
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-22802
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201708-1380
value: CRITICAL

Trust: 0.6

VULHUB: VHN-101195
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10833
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2017-000204
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2017-000204
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2017-000204
severity: LOW
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2017-000204
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-22802
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-101195
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10833
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.0

IPA: JVNDB-2017-000204
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2017-000204
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2017-000204
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2017-000204
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-22802 // VULHUB: VHN-101195 // JVNDB: JVNDB-2017-000204 // JVNDB: JVNDB-2017-000204 // JVNDB: JVNDB-2017-000204 // JVNDB: JVNDB-2017-000204 // CNNVD: CNNVD-201708-1380 // NVD: CVE-2017-10833

PROBLEMTYPE DATA

problemtype:CWE-425

Trust: 1.1

problemtype:CWE-78

Trust: 0.8

problemtype:CWE-94

Trust: 0.8

problemtype:CWE-22

Trust: 0.8

problemtype:CWE-264

Trust: 0.8

problemtype:CWE-284

Trust: 0.1

sources: VULHUB: VHN-101195 // JVNDB: JVNDB-2017-000204 // NVD: CVE-2017-10833

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1380

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-1380

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-000204

PATCH
title:NIPPON ANTENNA Co., Ltd websiteurl:http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-000204

EXTERNAL IDS
db:NVDid:CVE-2017-10833
Trust: 3.1
db:JVNid:JVN87410770
Trust: 3.1
db:JVNDBid:JVNDB-2017-000204
Trust: 0.8
db:CNNVDid:CNNVD-201708-1380
Trust: 0.7
db:CNVDid:CNVD-2017-22802
Trust: 0.6
db:VULHUBid:VHN-101195
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-22802 // 
            
            
            
            VULHUB: VHN-101195 // 
            
            
            
            JVNDB: JVNDB-2017-000204 // 
            
            
            
            CNNVD: CNNVD-201708-1380 // 
            
            
            
            NVD: CVE-2017-10833

REFERENCES
url:https://jvn.jp/en/jp/jvn87410770/index.html
Trust: 2.5
url:http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10835
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10832
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10833
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10834
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10832
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10833
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10834
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10835
Trust: 0.8
url:http://jvn.jp/en/jp/jvn87410770/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-22802 // 
            
            
            
            VULHUB: VHN-101195 // 
            
            
            
            JVNDB: JVNDB-2017-000204 // 
            
            
            
            CNNVD: CNNVD-201708-1380 // 
            
            
            
            NVD: CVE-2017-10833

SOURCES
db:CNVDid:CNVD-2017-22802
db:VULHUBid:VHN-101195
db:JVNDBid:JVNDB-2017-000204
db:CNNVDid:CNNVD-201708-1380
db:NVDid:CVE-2017-10833

LAST UPDATE DATE
2025-04-20T23:23:38.323000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-22802date:2017-08-25T00:00:00
db:VULHUBid:VHN-101195date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-000204date:2018-02-28T00:00:00
db:CNNVDid:CNNVD-201708-1380date:2019-10-23T00:00:00
db:NVDid:CVE-2017-10833date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-22802date:2017-08-25T00:00:00
db:VULHUBid:VHN-101195date:2017-08-29T00:00:00
db:JVNDBid:JVNDB-2017-000204date:2017-08-23T00:00:00
db:CNNVDid:CNNVD-201708-1380date:2017-08-28T00:00:00
db:NVDid:CVE-2017-10833date:2017-08-29T01:35:12.907